From e75fda92b6f948161168dbd55911007391fc90c8 Mon Sep 17 00:00:00 2001
From: Jens Frank <jeluf@users.mediawiki.org>
Date: Wed, 13 Oct 2004 21:30:18 +0000
Subject: [PATCH] Fix SQL injection bug

---
 includes/SpecialMaintenance.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/SpecialMaintenance.php b/includes/SpecialMaintenance.php
index 6f74bd5427..3166c5a4fe 100644
--- a/includes/SpecialMaintenance.php
+++ b/includes/SpecialMaintenance.php
@@ -269,7 +269,7 @@ function wfSpecialMissingLanguageLinks() {
 
 	$sql = "SELECT cur_title FROM $cur " .
 	  "WHERE cur_namespace=0 AND cur_is_redirect=0 " .
-	  "AND cur_title NOT LIKE '%/%' AND cur_text NOT LIKE '%[[{$thelang}:%' " .
+	  "AND cur_title NOT LIKE '%/%' AND cur_text NOT LIKE '%[[" . wfStrencode( $thelang ) . ":%' " .
 	  "LIMIT {$offset}, {$limit}";
 
 	$res = $dbr->query( $sql, $fname );
-- 
2.20.1